Sham Link implementation in MPLS L3VPN environment

Sham Link feature is necessary if we want to deploy backdoor link between 2 OSPFs domains belong to the same area but split by MPLS. The issue that we will come across is a result that backdoor link will have priority over the MPLS.

We will be using below network MPLS L3VPN, to practice the Sham Link.

Here is the “empty” lab ready to implementation of Sham Link with MEGA decryption key:https://mega.nz/#!ejp2VSwB
!22yk15VEs13pAPP-FJNgvB5h_5429VIphHetqGmrJ_M

and rar file decryption key : www.itbundle.net

In the core we have MPLS with OSPF as an underlying protocol, also on both sites we have CUSTOMER-A VRF, for carrying VPNs responsible is bgp (vpnv4) 2345 process. There is full connectivity between 2 VRFs so you may easily ping 6.6.6.6 from 1.1.1.1. Let’s check how RIB table looks on the Customer-A1 router.

As we see, because MPLS with OSPF core is being considered by 2 sites as Superbackbone, updates from both sites are visible as Inter Area (IA).

Now, let’s add another direct link between 2 sites and run OSPF on its ‘ip ospf 2 area 0‘ on each interface and for better visualisation of the issue let’s increase the metric on interfaces ‘ip ospf cost 1000‘

Let’s check now how RIB table looks like

As we see, OSPF started to use direct link. We may put the question ‘WHY?’ The answer is simple. As we see OSPF this time treats this direct link as Intra Area. Intra Area is always prefered over Inter Area even the cost has been increased to 1000.

Now the Sham-Link comes into play. We will create the tunnel between R2 and R5 based on freshly created loopbacks within vrf CUSTOMER-A, then we advertise this tunnel into bgp 2345 process (vpnv4). Of course we have to do that on both sites
The Sham Link we create acording with this schema

Now, lest check how the route to 6.6.6.6 is visible by OSPF process from CUSTOMER-A1 router point of view and its RIB table. As we see the tunnel – Sham Link fulfills its duty and traffic from 1.1.1.1 to 6.6.6.6 and reverse is going back through MPLS.